Information Technology Security Specialist

IT SECURITY SPECIALIST
DRAFT
I. DESCRIPTION OF WORK
Positions in this banded class plan, coordinate, and implement security measures to protect information and information processing assets. They design and implement network control mechanisms to control access to computer networks; manage vulnerabilities within the information processing infrastructure; manage threats and incidents impacting information resources; assure through policy the appropriate use of information resources; and educate users on their information security and privacy responsibilities. They also implement application access controls, such as password authentication, that grant access only to authorized users. They employ the appropriate intrusion detection and prevention tools and procedures to detect and defend against hackers, worms and other malware. They may be responsible for planning, developing, and managing the physical and environmental security required to address the threats, vulnerabilities, and countermeasures required to protect information assets and the premises in which they reside. Employees are responsible for the strategic and tactical development and implementation of their IT risk management, business continuity planning and disaster recovery plans, and for collaborating with the agency's/university's departments in implementing departmental plans. Employees may be responsible for developing information security policies, standards and best practices, and for ensuring that state and federal information security requirements are implemented.
II. ROLE DESCRIPTIONS BY COMPETENCY LEVEL

Contributing
Positions at this level scan networks and systems for their level of vulnerability to threats. They are also involved in identifying any emerging vulnerabilities of the system. They produce reports for management to identify potential risks. Positions may meet with systems administrators to identify security patches available to minimize vulnerabilities and risks. Positions at this level may serve as identity management/password authentication administrators to control users' access to systems. They monitor reports of computer viruses to determine when to update virus protection systems. Positions communicate procedures and one-time passwords to users of the systems. This usually entails keeping up-to-date lists of users as well as helping employees who have forgotten passwords or accidentally violated security procedures. Positions may serve as disaster recovery analysts who advise on the development, documentation and maintenance of disaster recovery plans. They work on information security training and awareness campaigns, evaluate new threats and communicate them to the agency or institution, review risk assessments, and support cyber incident response.
Journey
Positions at this level may design, develop, and maintain security regulations, procedures and department-wide rules for moderately complex agencies or universities. They analyze information obtained from intrusion detection and prevention systems and work with advanced security protocols and standards, including recommended blocks to apply. They evaluate and develop approaches to security solutions. Positions proactively assess potential items of risk and opportunities for vulnerabilities in the network. They may research and help develop security practices. They analyze traffic trends and system logs and propose security policy changes. Positions may also serve as disaster recovery analysts who establish disaster recovery programs and business continuity planning across multiple platforms. They create requests for proposal (RFPs) and help evaluate RFP responses for information security projects; review new projects, systems and applications for compliance with statewide or institution policies; create and maintain the agency or institution's security training and awareness effort; create and conduct risk, system and application assessments; and create and maintain the cyber security incident response plan.
Advanced
Positions at this level establish enterprise security regulations and procedures based on federal and state laws and mandates. They design and manage security systems and architectures for possible enterprise-wide implementation (statewide or large complex universities/agencies) that protect federally mandated information such as tax records, health information, research data, state security records or student educational records. They design security systems for organizations with complex network systems, major databases, emerging technologies, or systems with known vulnerabilities. Positions may be responsible for establishing and maintaining an enterprise-wide information risk management program to ensure that information assets are adequately protected. They act as an advisor to the enterprise's business units and should have an understanding of the latest security threats, trends, technologies, and regulatory requirements. Some positions at this level may serve as forensic experts to recover information from computers and data storage devices. They often work alongside law enforcement officers, helping to solve cyber crimes or find electronic evidence of other kinds of crime, using forensic tools and investigative methods to find specific electronic data, including Internet use history, word processing documents, images and other files. They also transfer the evidence into a format that can be used for legal purposes (i.e. criminal trials) and often testify in court themselves. They serve as the cyber incident response leader.
III. COMPETENCIES

Knowledge – Technical
Knowledge of computers and related information technology services and the ability to keep up with current developments and trends in areas of expertise.

Technical Solution Development
Ability to demonstrate a methodical and logical approach to addressing customer needs. Ability to use innovative solutions and/or designs where appropriate.

Technical Support
Ability to understand internal/external customer technologies and problem resolution techniques. Ability to communicate effectively with customers. Ability to listen to symptom descriptions; to analyze problems; to respond effectively; and to provide constructive feedback to the client on problem resolution.

Consulting/Advising
Ability to provide advice and counsel. Ability to understand client programs, organization and culture.

Knowledge – Professional
Possession of a designated level of professional skill and/or knowledge in specific area(s) and the ability to keep current with developments and trends in area(s) of expertise, usually acquired through post-secondary education.

Note: Not all competencies apply to every position/employee; evaluate only those that apply. Competency statements are progressive.
IV. COMPETENCY STATEMENTS BY LEVEL

Knowledge – Technical
Knowledge of computers and related information technology services and the ability to keep up with current developments and trends in areas of expertise.

Contributing
Knowledge in system technology security testing (vulnerability scanning and penetration testing).
Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
Understanding of the basic tenets (CIA) of security: confidentiality, integrity and availability.
Considerable knowledge of computer equipment and security software.
Knowledge of security access control techniques.

Journey
Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
Thorough understanding of the basic tenets (CIA) of security in complex environments: Confidentiality – protecting data from unauthorized access; Integrity – ensuring the data is as it was or should be (i.e. unchanged); and Availability – ensuring systems, data and networks are up and redundant where needed (i.e. backups).
Detailed understanding of IT controls available to enforce the CIA tenets.
Detailed understanding of system technology security testing (vulnerability scanning, sensitive data scanning, and penetration testing).
Understanding of cryptography: understands basic principles of Public Key Infrastructure, knows the importance of protecting passwords with encryption and salt, and has the ability to recognize and verify self-signed certificates.
Substantial knowledge to perform information security, application security, information systems, physical security and network security assessments.

Advanced
Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and AIX UNIX) and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance and desktop security tools.
Substantial knowledge in developing, documenting and maintaining security policies, processes, procedures and standards.
Substantial knowledge in strategic planning, implementation and maintenance of information security programs.
Detailed understanding of technical issues to design architecture for new or emerging technologies.
Detailed understanding of technical, substantive, and methodological issues and theories to direct technical staff.
Substantial knowledge of other work specialties.
Technical Solution Development
Ability to demonstrate a methodical and logical approach to addressing customer needs. Ability to use innovative solutions and/or designs where appropriate.

Contributing
Understanding of the IT controls available to enforce the CIA tenets of authentication and authorization: principle of least privilege and password constructs and controls.
Knowledge of network/systems controls, patching and mitigation of vulnerabilities, logging and data backups.
Ability to determine and provide users access/accounts with only the privileges needed to complete their assigned tasks.
Ability to apply standard and nonstandard technology applications, and to explore and adapt changing technologies.
Ability to apply judgment independently to technical work assignments to achieve desired outcomes.

Journey
Ability to understand the available methodologies of authentication and authorization and which is appropriate in particular settings.
Thorough knowledge of federated models, local systems, enterprise directory services, and third-party APIs.
Extensive knowledge of the principle of least privilege and the ability to recognize and report when a user's privilege exceeds what is needed to complete their work.
Ability to design password constructs and control policies, determining the complexity requirements based on regulatory laws, the change intervals needed and recovery methodologies.
Ability to investigate, research and implement new technologies in security issues and new innovations.
Ability to provide technical leadership on complex projects.

Advanced
Ability to integrate knowledge of other work specialties to achieve solutions to problems of high complexity.
Ability to secure highly complex information technology systems.
Ability to recommend information technology security and privacy solutions to address complex and emerging information security and privacy issues.
Ability to plan, implement and maintain a strategic information security program inclusive of information security policies, regulations, standards and procedures.
Where patching of vulnerabilities cannot be applied, ability to develop mitigating controls to protect the IT asset.
Technical Support
Ability to understand internal/external customer technologies and problem resolution techniques. Ability to communicate effectively with customers. Ability to listen to symptom descriptions; to analyze problems; to respond effectively; and to provide constructive feedback to the client on problem resolution.

Contributing
Ability to recognize security incidents and report them to the appropriate security management.
Ability to assist higher level security officers with incident response by providing logs, removing the system from the network, and providing expertise on the specifics of the system.
Ability to detect vulnerabilities that may have occurred as a result of misconfiguration.
Ability to maintain logs for the expected timeframe under state record retention rules.
Ability to ensure backups of data and systems are performed on a routine schedule.
Ability to research and develop the proper backup media and storage security protections as dictated by the type of data contained.

Journey
Ability to serve as a technical resource in solving security problems of high complexity.
Ability to recognize and eliminate unneeded processes from systems that may expose the system to undue risk.
Understands that only the network ports needed for the system to fulfill its desired function should be open.
Extensive understanding of logging systems in order to ensure systems are configured to log appropriate security events.
Strong understanding of the restore process in order to test the usability of the backup, including application testing using the restored data.
Proficiency in forensic response and reverse engineering.
Insightfulness to discover the latest exploit methodologies.

Advanced
Ability to develop solutions that impact multiple customers/applications or are used at the enterprise level.
Ability to work with network/system controls by understanding network architecture tiers, and to incorporate these principles into proposed system designs.
Ability to leverage monitoring services to detect potential security threats and incidents.
Ability to provide information security solutions to reduce information security and privacy risks.
Ability to provide security best practice recommendations as required by federal and state regulatory requirements.
Consulting/Advising
Ability to provide advice and counsel. Ability to understand client programs, organization and culture.

Contributing
Ability to work with teams to prioritize security needs and to effectively get cooperation from IT professionals to get those security controls in place.
Strong conflict management skills in order to work with senior management to ensure security and data protection rules and regulations are in place on protected private information (PPI).
Knowledge of the security industry and regulations that have an impact on the customer's business and data protection issues, and the ability to provide an appropriate solution set to address the business needs.
Ability to consult with senior level decision-makers, on an on-going basis, to develop long-range strategic security alternatives.
Ability to build client support of ITS objectives.

Journey
Ability to work with agency and university security personnel to develop appropriate risk mitigation policies.
Ability to consult with legal, risk management, audit, compliance and external entities on information security issues.
Ability to advise security personnel and senior level management on best practices of business continuity and disaster recovery planning.
Knowledge of best security practices of business continuity planning and risk management needed to consult with senior level management and IT specialists in ensuring their agency/university's business continuity and disaster plans are in place.
Ability to develop and deliver information security and awareness training to users.

Advanced
Knowledge of the IT security market and industry and federal and state regulations that have an impact on the state's technological business.
Ability to provide security expertise and consulting to committees, boards and lower level technical analysts/specialists on a regular basis.
Ability to lead information security committees and provide strategic direction on major information security initiatives.
Ability to provide guidance to legal, risk management, audit, compliance, and external entities on the resolution of information security issues.
Ability to provide resource assistance in the implementation of security best practices for business continuity planning, risk management and disaster planning to senior level management and IT specialists, to assist the agency/university's development and maintenance of appropriate business continuity, risk management and disaster plans.
Ability to design information security awareness training programs.
Knowledge – Professional
Possession of a designated level of professional skill and/or knowledge in specific area(s) and the ability to keep current with developments and trends in area(s) of expertise, usually acquired through post-secondary education.

Contributing
Holds and maintains basic security certifications, such as Security+ (where applicable) or National Security Agency – Information Assessment Methodologies (NSA-IAM).

Journey
Holds and maintains more complex certifications such as SANS Global Information Assurance Certifications (or similar, e.g. Carnegie Mellon CERT); Security Essentials Certification (GSEC); Information System Security Certification Consortium (ISC)²; or Systems Security Certified Practitioner (SSCP).

Advanced
Holds and maintains the most complex and difficult certifications available in IT security, such as:
• Specialized SANS Global Information Assurance Certifications based on field of work:
  - Certified Incident Handler
  - Certified Intrusion Analyst
  - Penetration Tester/Web Application Penetration Tester
  - Certified Forensic Analyst/Examiner
• Information System Security Certification Consortium (ISC)²:
  - Certified Information Systems Security Professional (CISSP)
• Vendor and Government Certifications:
  - Seized Computer Evidence Recovery Specialist (Federal Law Enforcement Training Center)
  - EnCase Certified Examiner Certification (EnCE)
  - AccessData Certified Examiner (ACE)
  - Certified Information System Auditor (CISA)
  - Certified Ethical Hacker (CEH)
• Certified Information Security Manager (CISM)